Facebook leak shows new model needed for privacy protection: Deakin expert


A Deakin University cybersecurity expert is calling on Australian policy makers to protect social media users from unscrupulous data mining in the wake of the Cambridge Analytica scandal.

Dr Tianqing Zhu, who teaches in Deakin’s School of Information Technology, said the case was a lesson that in the current ‘big data’ era, intelligent tools could reveal more personal information than many users anticipated.

But Dr Zhu said harvesting data from social media accounts currently occupied a legal grey area.

“The Cambridge Analytica case raises two issues where there is no firm legislation or policy, first the extent to which users are clearly informed about how their data will be used, and the second how this data is extrapolated to include other information available on the web,” she said.

“The case shows harvested data can be linked to other existing data to dig out more private information that users never knew they were giving away.

“And it certainly demonstrates that a new privacy model is long overdue, one that can be applied by the government to secure the contemporary dynamic cyberspace.”

This month it was reported data analytics company Cambridge Analytica had tapped the Facebook profiles of more than 50 million users without their consent or knowledge four years ago.

The company collaborated with the developer of a Facebook ‘personality quiz’, which collected the profile information of those who downloaded the app, as well as information from their friends’ profiles. This data was then used for large-scale psychological profiling to help target political messages for the 2016 Trump campaign.

Dr Zhu said there were ways to share insightful data while protecting individual privacy, but they needed to be better supported through government regulation.

“We have plenty of techniques to preserve privacy, such as data encryption, data anonymity and differential privacy,” she said.

“But they can threaten the bottom lines of big companies like Facebook, so the incentive for these companies to use them just isn’t there, and that lack of motivation leads to harmful results for users and customers.”

Dr Zhu said regulations should be introduced so all data collected through social media was protected by privacy preservation methods, and any individual could not be identified from the protected data.

“That means for Facebook, rather than sharing raw data and users’ individual information with others, it could share aggregate information or patterns,” she said.

“This would make the data slightly less accurate, so less lucrative to on-sell, but it would protect users’ personal data far better. Tech companies like Apple are already using this method.

“Like Facebook, Apple also collects users’ data for analytics, but Apple applies privacy preserving technical tools to avoid privacy violations. This adds ‘noise’ to the data that has been collected from users, so individual personal information cannot be identified.”

Dr Zhu said customers could buy this aggregate data from Facebook (or similar tech companies), with the requirement they were clear upfront what this data would be used for, and were responsible for ensuring the data was obtained in a legal way.

“In addition, these customers should not be able to extend that data by extracting out the identities behind the data. Currently there is no policy that covers that, so we must design and propose new policies to ensure this is enforced.

“And it’s critical the government steps in and enforces rules and penalties to make these companies comply. There has to be some financial incentive for these tech companies, and I think measures like significant fines would ensure privacy preserving tools are properly implemented.”

For individual social media users, Dr Zhu said there was no need to panic, but instead pay more attention to the privacy protection fine print.

“Privacy breaches are everywhere, they’ve been happening long before the internet, and won’t stop no matter what measures we take. But governments, companies, researchers, and ordinary users can all work together to improve security.”